Masked Passwords

[FULgore]

Recently seen a lot of articles discussing the need for passwords to remain unmasked. The biggest argument for unmasking passwords is that this function complicates usability while adding no benefits for security. Most will argue that with clear passwords on the screen one would be susceptible to shoulder surfing. However I would argue that most people have a better since of general security, as the media has highlighted the various breaches over the years, and are more aware of who is standing around them. Of course, that's a pretty bold statement being the "human factor" leads to the compromise of most accounts/systems, but in general I think it's a pretty accurate statement.

Here is an article discussing the need for masked passwords to hit the road:
[url]http://www.theregister.co.uk/2009/06/30/masked_passwords_usability/[/url]

I'm going to hop on the bandwagon here and support unmasked passwords. Any thoughts?

[cryptocat]

Hi: I read the article and my inclination is that if Bruce Schneier supports it, its probably a good idea. I'm sitting on the fence, though, for now...

But seriously, I tend to agree that password masking creates more problems than it solves.

Larry

[FULgore]

haha very true statement... it's hard to argue with Bruce

[FULgore]

Bruce is playing with us...

[url]http://www.theregister.co.uk/2009/07/07/security_guru_password_retraction/[/url]


However, I do like how the iPhone gets some credit
"Schneier now backs an approach taken by BlackBerry devices and iPhones, which display each character briefly before masking it. "That seems like an excellent compromise," he said."